I would appreciate any donations. Wishlist or send e-mail type donations to maekawa AT daemon-systems.org.

Thank you.

SECMODEL_EXTENSIONS(9) Kernel Developer's Manual SECMODEL_EXTENSIONS(9)
NAMEsecmodel_extensions - extensions security model
DESCRIPTIONsecmodel_extensions implements extensions to the traditional security
model based on the original 4.4BSD. They can be used to grant additional
privileges to ordinary users, or enable specific security measures like
curtain mode.
The extensions are described below.
Curtainmode
When enabled, all returned objects will be filtered according to the
user-id requesting information about them, preventing users from
accessing objects they do not own.
It affects the output of many commands, including fstat(1), netstat(1),
ps(1), sockstat(1), and w(1).
This extension is enabled by setting security.models.extensions.curtain
or security.curtainsysctl(7) to a non-zero value.
It can be enabled at any time, but cannot be disabled anymore when the
securelevel of the system is above 0.
Non-superusermounts
When enabled, it allows file-systems to be mounted by an ordinary user
who owns the point node and has at least read access to the special
device mount(8) arguments. Note that the nosuid and nodev flags must be
given for non-superuser mounts.
This extension is enabled by setting security.models.extensions.usermount
or vfs.generic.usermountsysctl(7) to a non-zero value.
It can be disabled at any time, but cannot be enabled anymore when the
securelevel of the system is above 0.
Non-superusercontrolofCPUsets
When enabled, an ordinary user is allowed to control the CPU affinity(3)
of the processes and threads he owns.
This extension is enabled by setting
security.models.extensions.user_set_cpu_affinitysysctl(7) to a non-zero
value.
It can be disabled at any time, but cannot be enabled anymore when the
securelevel of the system is above 0.
SEEALSOaffinity(3), sched(3), sysctl(7), kauth(9), secmodel(9),
secmodel_bsd44(9), secmodel_securelevel(9), secmodel_suser(9)AUTHORS
Elad Efrat <elad@NetBSD.org>
NetBSD 8.0 November 22, 2012 NetBSD 8.0